CVE-2021-45485
CVE-2021-45485 affects the Linux kernel IPv6 path: net/ipv6/output_core.c exposes an information leak due to how a hash table is used, enabling IPv6 source address-based observation. Impact is partial confidentiality exposure; no integrity/availability impact stated. Affected: Linux kernel prior ...
CVE-2020-29368
Affected software: Linux kernel prior to version 5.7.5. Vulnerability details: In __split_huge_pmd in mm/huge_memory.c, the copy-on-write (CoW) implementation can grant unintended write access due to a race in the THP mapcount check. This race condition can lead to local write acces...
CVE-2023-3390
CVE-2023-3390 is a local use-after-free vulnerability in Linux kernel nftables (net/netfilter/nf_tables_api.c) caused by mishandled NFT_MSG_NEWRULE error paths, enabling a local attacker with CAP_SYS_ADMIN to trigger a privilege escalation. Public advisories (Amazon Linux 2/ALAS, Astra Linux, Deb...
CVE-2019-18282
CVE-2019-18282 affects the Linux kernel flow_dissector (Linux 4.3–5.x up to 5.3.10). The root cause is that UDP/IPv6 flow labels rely on a 32-bit hashrnd secret, with jhash used instead of siphash, allowing an attacker to infer the secret and track flows. Affected code includes net/core/flow_diss...
CVE-2019-19045
CVE-2019-19045 affects the Linux kernel prior to 5.3.11 due to a memory leak in mlx5_fpga_conn_create_cq() (drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c). The issue allows local attackers to cause memory DoS by triggering mlx5_vector2eqn() failures. Ubuntu/Unity/SUSE advisories cite the sa...
CVE-2020-36158
CVE-2020-36158 is a Linux kernel vulnerability in the Marvell mwifiex WiFi driver (join.c) that allows a long SSID to trigger a buffer overflow, potentially leading to system crash or arbitrary code execution. Affected trees include kernels up to 5.10.4; upstream patch (commit 5c455c5ab332) adds ...
CVE-2018-16884
The CVE-2018-16884 issue affects the Linux kernel NFS4.1+ client: mounting NFS shares across different network namespaces can cause a use-after-free in bc_svc_process() leading to memory corruption and potential host panic. Exploitation details in the provided sources are host/container local, wi...
CVE-2020-11494
The CVE-2020-11494 issue affects the Linux kernel slcan (serial line CAN) driver: in slcan.c, CAN headers for received packets may not be fully initialised when receiving data, enabling local attackers to read uninitialised can_frame data from kernel memory (information leak). Root cause is incom...
CVE-2024-56703
CVE-2024-56703 affects the Linux kernel and describes soft lockups in fib6_select_path under high next-hop churn. The issue occurs when nodes in the multipath fib6_siblings list are concurrently deleted on another core, causing a loop that triggers a watchdog-based panic. The mitigation implement...
CVE-2019-19060
CVE-2019-19060 is a memory-leak vulnerability in the Linux kernel (discovered in adis_buffer.c: adis_update_scan_mode()) that can lead to memory exhaustion and DoS. Affected: Linux kernel versions before 5.3.9 (drivers/iio/imu/adis_buffer.c). Exploitation details are not provided in the documents...
CVE-2023-31083
CVE-2023-31083 affects the Linux kernel (drivers/bluetooth/hci_ldisc.c). In hci_uart_tty_ioctl, there is a race between HCIUARTSETPROTO and HCIUARTGETPROTO where HCI_UART_PROTO_SET is written before hu->proto is set, which may cause a NULL pointer dereference. The connected advisories confirm ...
CVE-2019-11190
CVE-2019-11190 affects the Linux kernel prior to 4.8. Local users could bypass ASLR on setuid programs (e.g., /bin/su) due to install_exec_creds() being invoked late in load_elf_binary() in fs/binfmt_elf.c, creating a race in ptrace_may_access() when reading /proc/pid/stat. Connected advisories (...
CVE-2021-4037
Summary: CVE-2021-4037 affects the Linux kernel’s inode_init_owner() logic for XFS SGID directories, enabling local users to create files with unintended group ownership and SGID/group-exec bits when the directory is SGID and writable to non-group members. The issue is linked to a missed fix rela...
CVE-2022-42896
CVE-2022-42896 affects the Linux kernel, specifically use-after-free in net/bluetooth/l2cap_core.c (l2cap_connect and l2cap_le_connect_req). A remote Bluetooth proximity attacker could trigger code execution or leak kernel memory. A fix is available by upgrading past the commit 711f8c3fb3db618970...
CVE-2023-23455
CVE-2023-23455 affects the Linux kernel’s ATM traffic control path: atm_tc_enqueue in net/sched/sch_atm.c up to version 6.1.4 is vulnerable to a type confusion that can misclassify values, enabling a local denial-of-service. Public reports describe the issue without details on exploits beyond DoS...
CVE-2019-11815
The CVE-2019-11815 issue affects Linux kernels with net/rds/tcp.c: rds_tcp_kill_sock contains a race that can cause a use-after-free during net namespace cleanup (pre-5.0.8). A fix was committed and released in 5.0.8; upgrading to 5.0.8+ (or applying the patch) is the advised remediation. The Uni...
CVE-2019-15090
CVE-2019-15090 affects the Linux kernel driver component drivers/scsi/qedi/qedi_dbg.c, with an out-of-bounds read in the qedi_dbg_* family of functions for versions before 5.1.12. The issue can enable a local attacker to read memory due to improper bounds handling, as described in the CVE entry. ...
CVE-2020-1749
CVE-2020-1749 describes a flaw in the Linux kernel’s IPsec networking implementation (notably VXLAN and GENEVE tunnels over IPv6). When an encrypted tunnel is established between two hosts, tunneled data may be misrouted over the encrypted link, causing data to be sent unencrypted and potentially...
CVE-2020-12826
CVE-2020-12826 affects the Linux kernel before 5.6.5. The root cause is an integer overflow in exec_id (include/linux/sched.h) due to 32-bit sizing, which can allow a child process to send an arbitrary signal to a parent process in a different security domain, bypassing protection. A patched vers...
CVE-2020-26147
CVE-2020-26147: Linux kernel 5.8.9 vulnerability where fragmented frames reassembly can occur with plaintext fragments under WEP/CCMP/GCMP, allowing packet injection or selective fragment exfiltration. Connected advisories indicate fixes are provided via updated kernels (e.g., ALAS2KERNEL advisor...
CVE-2020-12769
CVE-2020-12769 affects the Linux kernel prior to 5.4.17. The issue is in drivers/spi/spi-dw.c, where concurrent calls to dw_spi_irq and dw_spi_transfer_one can trigger a kernel panic (local exploit). The vulnerability is fixed in Linux kernel 5.4.17 (see ChangeLog-5.4.17). No exploit details are ...
CVE-2016-0728
The CVE-2016-0728 issue affects the Linux kernel up to version 4.4.1, specifically in the keyring handling path join_session_keyring() within security/keys/process_keys.c. A flaw in object reference management in an error path can allow a local, unprivileged user to escalate privileges or cause a...
CVE-2019-20811
CVE-2019-20811 affects the Linux kernel prior to 5.0.6, where a reference count is mishandled in rx_queue_add_kobject() and netdev_queue_add_kobject() within net/core/net-sysfs.c (CID-a3e23f719f5c). The issue was fixed in kernel 5.0.6 (ChangeLog-5.0.6). Exploitation would require local access and...
CVE-2021-38160
CVE-2021-38160 affects the Linux kernel “virtio_console” driver. In drivers/char/virtio_console.c, if an untrusted device supplies a buf->len value larger than the destination buffer, data corruption or loss can occur. The issue is fixed in Linux kernel 5.13.4 (ChangeLog-5.13.4). The vendor no...
CVE-2021-46951
CVE-2021-46951 (Linux kernel) concerns a local vulnerability in TPM support where tpm_read_log_efi could trigger integer underflow of efi_tpm_final_log_size when a TPM2 driver is loaded/unloaded repeatedly. The issue arises from subtracting final_events_preboot_size from a global final log size, ...
CVE-2022-1729
CVE-2022-1729 describes a race condition in the Linux kernel perf_event_open() within the perf subsystem. An unprivileged local user could exploit this to gain root privileges, with potential follow-on impacts such as information leaks or arbitrary code execution as implied by multiple sources. C...
CVE-2015-1421
CVE-2015-1421 is a use-after-free in the Linux kernel SCTP path (sctp_assoc_update in net/sctp/associola.c) that allows a remote attacker to trigger an INIT collision, leading to slab corruption and a kernel panic (DoS) with potentially other impact. Affected condition: kernel versions prior to 3...
CVE-2019-15030
CVE-2019-15030 affects the Linux kernel on powerpc up to 5.2.14. A local user can read another local process’s vector registers by exploiting a Facility Unavailable exception when starting a transaction (tbegin) and then accessing vector registers; at some point, vector registers may be corrupted...
CVE-2021-3348
CVE-2021-3348 is a race condition in the Linux kernel’s nbd.c driver (nbd_queue_rq) that can trigger a use-after-free during NBD device setup. The vulnerability is locally exploitable by a user with access to an NBD device, potentially causing a crash or memory corruption and, per Debian’s adviso...
CVE-2021-42739
CVE-2021-42739 is a heap/buffer overflow in the Linux kernel’s FireWire FireDTV driver (firedtv-avc.c, firedtv-ci.c) caused by avc_ca_pmt failing to perform proper bounds checking. It affects the kernel’s FireWire path and can lead to memory corruption, crashes, or potentially privilege escalatio...
CVE-2024-50302
CVE-2024-50302 affects the Linux kernel HID core by leaving the HID report buffer potentially uninitialized, enabling possible memory leakage via crafted reports. The fixed behavior is to zero-initialize the report buffer at allocation time. Public advisories (including AstraLinux and AlmaLinux f...
CVE-2020-8647
CVE-2020-8647 is an MMIO out-of-bounds access in the vgacon driver (vt.c, vc_do_resize) of the Linux kernel, as reported in the Debian/AlmaLinux advisories. Impact stated in Debian entries includes potential denial of service, memory corruption,...
CVE-2019-16234
CVE-2019-16234 concerns the Linux kernel, where in 5.2.14 the PCIe wireless driver (iwlwifi/pcie/trans.c) does not check the result of alloc_workqueue, enabling a NULL pointer dereference. In public advisories, this CVE is tied to Unity Linux 20, which lists the kernel 5.2.14 issue as affecting i...
CVE-2020-36311
CVE-2020-36311 affects the Linux kernel prior to 5.9. In arch/x86/kvm/svm/sev.c, destroying a large SEV VM (unregistering many encrypted regions) can trigger a denial of service (soft lockup). The connected advisories confirm the issue and point to a fix in kernel 5.9 (and changelog indicating th...
CVE-2022-36879
CVE-2022-36879 affects the Linux kernel: a flaw in xfrm_policy handling (xfrm_expand_policies) can cause a refcount to be dropped twice in net/xfrm/xfrm_policy.c. This is a local vulnerability with an availability impact (as per CVSS: 5.5, MEDIUM). The issue exists through kernel versions up to 5...
CVE-2023-2008
The CVE-2023-2008 flaw is in the Linux kernel udmabuf device driver, within its fault handler. It stems from insufficient validation of user-supplied data, allowing a memory access past the end of an array. This can enable local privilege escalation and execution of arbitrary code in the kernel c...
CVE-2023-52448
CVE-2023-52448 affects the Linux kernel gfs2 subsystem. Syzkaller reported a NULL pointer dereference in gfs2_rgrp_dump when rgd->rd_rgl is accessed, potentially after rgd->rd_gl creation fails in read_rindex_entry(). The fix adds a NULL pointer check in gfs2_rgrp_dump() to prevent derefere...
CVE-2019-15217
The CVE-2019-15217 entry concerns a NULL pointer dereference in the Linux kernel before 5.2.3, triggered by a malicious USB device via the zr364xx USB driver (drivers/media/usb/zr364xx/zr364xx.c). The issue can lead to a denial of service on a physical USB attack vector. Public references indicat...
CVE-2020-8834
Affected software: Linux kernel KVM for PowerPC (KVM with Book3S HV on Power8). Vulnerability arises from conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry and in kvmppc_save_tm()/kvmppc_restore_tm, leading to stack corruption. Consequence: a guest VM kernel-space code execut...
CVE-2016-7117
CVE-2016-7117 describes a use-after-free in the Linux kernel’s __sys_recvmmsg() within net/socket.c, affecting kernel versions prior to 4.5.2. An attacker could trigger the corruption via a mishandled recvmmsg system call during error processing, enabling remote execution of arbitrary code. The v...
CVE-2021-28660
CVE-2021-28660 affects the Realtek RTL8188EU WiFi driver (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) in the Linux kernel and is caused by writing beyond the end of the ssid[] array in rtw_wx_set_scan. The connected documents confirm this exact issue across multiple advisories (e.g., Debian L...
CVE-2022-38457
CVE-2022-38457 affects the vmwgfx driver (Linux kernel) in the function vmw_cmd_res_check within drivers/gpu/vmxgfx/vmxgfx_execbuf.c, exposed via /dev/dri/renderD128. The issue is a use-after-free, leading to local privilege escalation and DoS. Connected advisories (MiracleLinux AXSA) reference ...
CVE-2022-3903
CVE-2022-3903 describes an incorrect read request flaw in the Linux kernel’s Infrared Transceiver USB driver. When a user attaches a malicious USB device, a local user can cause resource starvation, leading to denial of service or potentially a system crash. Connected advisories (Unity Linux UTSA...
CVE-2018-21008
CVE-2018-21008 affects the Linux kernel up to version 4.16.6, with a use-after-free in rsi_mac80211_detach (drivers/net/wireless/rsi/rsi_91x_mac80211.c). Nessus/NVD-derived docs consistently reference this flaw across Unity Linux advisories and related feeds, confirming the vulnerable component a...
CVE-2022-40133
CVE-2022-40133: A use-after-free in the Linux kernel vmwgfx driver (function vmw_execbuf_tie_context in drivers/gpu/vmxgfx/vmxgfx_execbuf.c) can be triggered by local unprivileged/user-space activity via the render node (/dev/dri/renderD128). Exploitation may allow a local attacker to gain eleva...
CVE-2023-0461
CVE-2023-0461 describes a use-after-free in the Linux kernel’s handling of TLS contexts on TCP sockets (called icsk_ulp_data) that can trigger a double-free when a TLS context is inherited by a reused listener. Affected scenario requires CONFIG_TLS to be enabled and may enable local privilege es...
CVE-2020-24394
CVE-2020-24394 affects the Linux kernel before 5.7.8 in the NFS server (fs/nfsd/vfs.c). The root cause is that ACL-less filesystems do not apply the current umask when creating new objects, allowing an attacker with local access to set incorrect permissions. Public details in connected advisories...
CVE-2020-25643
CVE-2020-25643 affects the Linux kernel HDLC_PPP module via improper input validation in ppp_cp_parse_cr, causing memory corruption and a read overflow that can lead to system crash or DoS. Public advisories confirm this vulnerability and reference the same root cause, with mitigations proposed a...
CVE-2020-26541
CVE-2020-26541: Local attacker can bypass the Secure Boot Forbidden Signature Database (dbx) protection in Linux kernels up to 5.8.13, affecting certs/blacklist.c and certs/system_keyring.c. Impact involves potential system integrity/confidentiality compromise. Connected sources confirm the issu...
CVE-2019-9213
CVE-2019-9213: Linux kernel mmap minimum address check in mm/mmap.c is insufficient, enabling a NULL pointer dereference exploit on platforms without SMAP/PAN. Affected: kernels before 4.20.14. Mitigation: upgrade to 4.20.14 or later (see ChangeLog-4.20.14; USN-3931-2).